Escolar Documentos
Profissional Documentos
Cultura Documentos
Controller
Maintenance Release Guide
Release S-CX6.3.0
Formerly Net-Net Session Director
October 2013
Notices
Copyright 2013, 2011, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use
and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license
agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit,
distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering,
disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you
find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on
behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any
programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are
"commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific
supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs,
including any operating system, integrated software, any programs installed on the hardware, and/or
documentation, shall be subject to license terms and license restrictions applicable to the programs. No other
rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is
not developed or intended for use in any inherently dangerous applications, including applications that may
create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be
responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use.
Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or
hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their
respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are
used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the
AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices.
UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information on content, products, and
services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all
warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its
affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of thirdparty content, products, or services.
Contents
1 S-CX6.3.0M1.................................................................................... 7
Content Map.......................................................................................................................................................... 7
H.235 Encryption.................................................................................................................................................. 7
2 S-CX6.3.0M2.................................................................................... 9
Content Map.......................................................................................................................................................... 9
H.248 ALG MID................................................................................................................................................... 9
H.248 ALG MID Configuration..............................................................................................................10
H.248 Port Mapping ALG...................................................................................................................................11
Mapping Scheme Types and Precedence................................................................................................ 11
Creating and Using Port Maps................................................................................................................ 11
Removing Port Maps...............................................................................................................................12
H.248 Port Mapping Configuration.........................................................................................................12
RTC and HA Considerations...................................................................................................................13
Management............................................................................................................................................ 13
H.248 ALG Media Timer Expiration.................................................................................................................. 15
H.248 ALG Media Timer Expiration Configuration...............................................................................15
E2 CLF Configurable Timeout............................................................................................................................16
Activating a Configuration with the E2 CLF Timeout Defined..............................................................16
E2 CLF Timeout Configuration.............................................................................................................. 16
3 S-CX6.3.0M3.................................................................................. 17
Content Map........................................................................................................................................................ 17
Support for 3000 VLANs.................................................................................................................................... 17
SDP Version Change without SDP Body Change.............................................................................................. 18
SDP Version Change Configuration....................................................................................................... 18
ACLI Parameter Long String Length..................................................................................................................18
media-manager........................................................................................................................................ 19
security.................................................................................................................................................... 19
session-router...........................................................................................................................................20
system......................................................................................................................................................22
IPv6 Link Local Addresses................................................................................................................................. 22
SDP Insertion for (Re)INVITEs..........................................................................................................................23
SDP Insertion for SIP INVITEs Configuration.......................................................................................24
Insertion for SIP ReINVITEs Configuration...........................................................................................24
add-sdp-invite......................................................................................................................................................25
Palladion Mediation Engine................................................................................................................................ 25
IPFIX................................................................................................................................................................... 26
Communications Monitor Configuration............................................................................................................ 26
Communication Monitor......................................................................................................................... 26
TSCF Rekey Profile Configuration.........................................................................................................28
TLS Profile Configuration.......................................................................................................................28
Automated Daylight Savings Time (DST) Updates............................................................................................30
Baseline Configuration............................................................................................................................30
Static DST Updates................................................................................................................................. 30
Rules-based DST Updates.......................................................................................................................30
DST Update Examples............................................................................................................................ 30
Legacy time zone Command Interaction.................................................................................................31
Oracle Communications Session Border Controller
timezone Configuration...........................................................................................................................31
Maintenance........................................................................................................................................................ 32
timezone-config...................................................................................................................................................32
4 S-CX6.3.0M4.................................................................................. 35
Content Map........................................................................................................................................................ 35
BG RTP Flow Installed When mode=inactive....................................................................................................35
Prerequisites............................................................................................................................................ 35
BG RTP Flow Configuration.................................................................................................................. 35
5 S-CX6.3.0M5.................................................................................. 37
Content Map........................................................................................................................................................ 37
Preface
About this guide
The Maintenance Release Guide provides information about the contents of maintenance releases related to release SCX6.3.0. This information can be related to defect fixes, to adaptations made to the system software, and to
adaptations ported to this release from prior releases. When applicable, this guide contains explanations of defect
fixes to the software and step-by-step instructions, if any, for how to enables these fixes on your system. This guide
contains explanations of adaptations including conceptual information and configuration steps.
Purpose of this Document
Designed as a supplement to the main documentation set supporting release S-CX6.3.0, this document informs you of
changes made to the software in the maintenance releases of S-CX6.3.0. Consult this document for content specific to
maintenance releases. For information about general Net-Net OS features, configuration, and maintenance, consult
the Related Documentation (iv) listed in the section below and then refer to the applicable document.
Organization
The Maintenance Release Guide is organized chronologically by maintenance release number, started with the oldest
available maintenance release and ending with the most recently available maintenance release.
This document contains a Maintenance Release Availability Matrix, showing when and if given maintenance releases
have been issued and the date of issue. Each available maintenance release constitutes one chapter of this guide.
In certain cases, a maintenance release will not have been made generally available. These cases are noted in the
Maintenance Release Availability Matrix. When Oracle has not made a maintenance release available, there will be
no corresponding chapter for that release. Therefore, you might encounter breaks in the chronological number of
maintenance release.
Maintenance Release Availability Matrix
The table below lists the availability for version S-CX6.3.0 maintenance releases.
Mainenance release number
Availability Notes
S-CX6.3.0M1
S-CX6.3.0M2
August 7, 2012
S-CX6.3.0M3
S-CX6.3.0M4
Availability Notes
S-CX6.3.0M5
Related Documentation
The following table lists the members that comprise the documentation set for this release:
Document Name
Document Description
Contains information about the components and installation of the Acme Packet
4500 system.
Contains information about the components and installation of the Acme Packet
Acme Packet 3800 Hardware
Installation Guide (400-0118-00) 3800 system.
Release Notes
Contains information about the current documentation set release, including new
features and management changes.
Maintenance and
Troubleshooting Guide
Accounting Guide
Contains information about the Historical Data Recording (HDR) feature. This
guide includes HDR configuration and system-wide statistical information.
Administrative Security
Essentials
1
S-CX6.3.0M1
This chapter provides descriptions, explanations, and configuration information for the contents of Net-Net OS
Release S-CX6.3.0 M1.
Content Map
This section provides a table listing all content in Net-Net OS Release S-CX6.3.0 M1.
Content Type
Description
Adaptation
H.235 Encryption
Following the ITU-T H.235 encryption standard, the Oracle Communications Session Border Controller allows media
(audio, video, and data) media that has already been encrypted by endpoints to pass through it, thereby supporting
videoconferencing applications where media confidentiality is key. The ITU-T standard provides a profile with key
management using Diffie-Hellman keys and the specification of an encryption algorithm.
Specifically, the Oracle Communications Session Border Controller permits the following:
H.225 Setup and connectThe tokens parameter and its subfields in H.225 Setup and Connect message to pass
transparently through the Oracle Communications Session Border Controller
H.245Teminal CapabilitySetThe H.245 TerminalCapabilitySet messages to pass transparently through the
Oracle Communications Session Border Controller, including:
Audio, video, and data capabilities
The h235SecurityCapability capability
H.245 OpenLogicalChannel and OpenLogicalChannelAckOLC messages with dataType h235Media to pass
transparently through the Oracle Communications Session Border Controller; to accomplish this, the Oracle
Communications Session Border Controller uses the mediaType subfield instead of the dataType field when the
dataType is h235Media. The encryptionSync parameter and its subfields found in OLC and OLCAck messages to
pass transparently through the Oracle Communications Session Border Controller.
S-CX6.3.0M1
You do not need to follow special configuration steps to enable this functionality; it works automatically.
2
S-CX6.3.0M2
This chapter provides descriptions, explanations, and configuration information for the contents of Net-Net OS
Release Version S-CX6.3.0M2.
Content Map
This section provides a table listing all content in Net-Net OS Release Version S-CX6.3.0M2.
Content Type
Description
Adaptation
Adaptation
Adaptation
S-CX6.3.0M2
10
S-CX6.3.0M2
11
S-CX6.3.0M2
Each H.248 ALG you configure has:
When the Oracle Communications Session Border Controller needs to allocate a pot map from its pool of available IP
ports, it follows this course of actions in order:
1. Returns an error if there are no IP ports available.
2. Obtains the first IP port from the list of available IP ports.
3. Inserts the IP port it obtained into the map of allocated ports in order to create a mapping between the core-side H.
248 IP address/port combination and the GW MID.
4. Removes the allocated IP port from the list of available IP ports.
5. Decrements the number of IP ports available on the core side.
6. Increments the number of IP ports allocated on the core side.
7. Generates an alarm and sends out a trap if the number of allocated ports exceeds 90% of the total available IP
ports that can be mapped on the core side.
Returning a Port Map to the Pool
When the Oracle Communications Session Border Controller needs to return an allocated port map to the pool of
available port maps, it follows this course of actions in order:
8. Returns an error if the freed IP port is invalid.
9. Returns an error if the freed IP port is not in the map of allocated IP ports.
10. Clears the alarm raised and clears the corresponding trap if the capacity of used ports exceeded 90%.
11. Removes the IP port being freed from the map of allocated IP ports.
12. Adds the IP port being freed to the end of the list of available IP ports.
13. Decrements the number of allocated IP ports.
14. Increments the number of available IP ports.
The GW goes out of serviceThe map is removed when theOracle Communications Session Border Controller
received a ServiceChange message for which the Termination is root and the ServiceChangeMethod is
Forced.
The Oracle Communications Session Border Controller detects a GW faultThe Oracle Communications Session
Border Controller fails to receives a the response for the AuditValue it sends to the GW as a heartbeat mechanism.
12
S-CX6.3.0M2
ACMEPACKET(configure)# session-router
ACMEPACKET(session-router)#
3. Type h248-config and press Enter.
ACMEPACKET(session-router)# h248-config
ACMEPACKET(h248-config)#
4. Type h248-mg-config and press Enter.
ACMEPACKET(h248-config)# h248-mg-config
ACMEPACKET(h248-mg-config)#
5. Type port-map and press Enter.
ACMEPACKET(h248-mg-config)# port-map
ACMEPACKET(port-map)#
6. addressEnter the IP address for the port map. Note that port maps are indexed based on IP address, meaning that
no two port maps can have the same IP address. So you must configure the correct IP address for the port map
such that there are no duplicates when flows are created. For example, the SIP interface IP address should not
collide with the IP address:Port range you set for a port map. Using the verify-config command catches overlap
issues. This parameter is blank by default.
7. start-portEnter the number of the port that starts the range of ports to be mapped for the IP address you
configured for the port map. If you set this parameter to 0, the port map is ignored and will not be used. The
default for this parameter is 1025, and the valid range is 1025-65535.
8. end-portEnter the number of the port that ends the range of ports to be mapped for the IP address you
configured for the port map. If you set this parameter to 0, the port map is ignored and will not be used. The
default for this parameter is 1025, and the valid range is 1025-65535.
A new port map can be added with a new IP address and port rangeThere are no issues; data structures and
statistics are updated.
An existing port map might be modified to:
Expand the port rangeThere are no issues; data structures and statistics are updated.
Reduce the port rangeWhenever a port or IP port is dropped, associated flows on the Oracle
Communications Session Border Controller are also dropped. The Oracle Communications Session Border
Controller cleans up the relevant ALG and media sessions. The endpoints need to re-register to send
subsequent messages. The MGC will also be required to clean up its resources.
An existing port map might be deletedWhenever a port or IP port is dropped, associated flows on the Oracle
Communications Session Border Controller are also dropped. The Oracle Communications Session Border
Controller cleans up the relevant ALG and media sessions. The endpoints need to re-register to send subsequent
messages. The MGC will also be required to clean up its resources.
Another port mapping mechanism might be chosen instead of the H.248 port mapping ALGA reboot is required
whenever the mapping mechanism changes.
For high availability (HA) nodes:
The core-side IP port must be replicated across systems in order to be highly available.
Whenever a port map is created or deleted on the Active system, it should also be created or deleted on the
Standby.
Management
This section offers information about management related to IPport resources for the H.248 port mapping ALG.
Viewing Port Use per MG
Using the ACLI show h248d h248-mg mgc-name command, you can display information about how many IP ports
are available, allocated (used), and free.
Oracle Communications Session Border Controller
13
S-CX6.3.0M2
ACMEPACKET# show h248d h248-mg mgc-name <mgc-name>
'Mapping for: <mgc-name>: Port-mapping'
Number of ports available: 64512
Number of ports used: 10
Number of ports free: 64502
Viewing Specific Port Maps
You can see specific port maps between GW MIDs and core-side IPaddress/ports using either the GW MID or the IP
port.
ACMEPACKET# show h248d gateway by-mid <GWMID>
'Mapping for GWMID: <GWMID>
Local IPPort: 172.16.18.5:2944
Remote IPPort: 192.168.101.111:1025
ACMEPACKET# show h248d gateway ipport <IPPort'>
Mapping for: <mgc-name>: Port-mapping'
Core IPPort: 192.168.101.111:1025
GWMID: mobile1
GW IPPort; 172.16.18.5:2944
Resource Limits and Sample Messages
The Oracle Communications Session Border Controller follows a defined set of actions when port map resources
exceed and fall back from 90%:
When resource use exceeds 90% of the total number of available IP ports, the Oracle Communications Session
Border Controller sends information to syslog, generates an alarm, and sends a trap. These actions are taken only
once when the 90% threshold is broken. For example, the system does not continue issuing alarms for the entire
time the threshold is exceededeven if the level of use continues to rise (say from 90% to 91%, and then from
91% to 92%).
When resource use returns to a level less that 90%, the systems clears the trap.
The syslog message looks like this, and is at the WARNING level:
<mgc-name> on realm=<realm>: port map usage has exceeded 90%
The alarm raised looks like this, and is at the MINOR level. It does not affect the system healthscore.
<mgc-name> on realm=<realm>: port map usage has exceeded 90%
The MINOR trap sent for usage being exceeded looks like this:
apSysMgmtH248PortMapUsageTrap
NOTIFICATION-TYPE
OBJECTS
{ apSysMgmtH248MgcName, apSysMgmtH248Realm,
apSysMgmtH248PortMapUsage }
STATUS
current
DESCRIPTION
" The trap will be generated when the port map usage on H.248
core side
Exceeds 90%."
::= { apSystemManagementMonitors 84 }
The trap that clears the MINOR trap for exceeded usage looks like this:
apSysMgmtH248PortMapUsageClearTrap
NOTIFICATION-TYPE
OBJECTS
{ apSysMgmtH248MgcName, apSysMgmtH248Realm}
STATUS
current
DESCRIPTION
" The trap will be generated when the port map usage on H.248
core side
Goes down below 90%."
::= { apSystemManagementMonitors 85 }
apSysMgmtH248MgcName OBJECT-TYPE
SYNTAX
DisplayString
MAX-ACCESS
read-only
14
S-CX6.3.0M2
STATUS
current
DESCRIPTION
"Number of current cached database-type contacts in the SD."
::= { apSysMgmtMIBGeneralObjects 31 }
apSysMgmtH248Realm OBJECT-TYPE
SYNTAX
DisplayString
MAX-ACCESS
read-only
STATUS
current
DESCRIPTION
"Number of current cached database-type contacts in the SD."
::= { apSysMgmtMIBGeneralObjects 32 }
apSysMgmtH248PortMapUsage OBJECT-TYPE
SYNTAX
Unsigned32
MAX-ACCESS
read-only
STATUS
current
DESCRIPTION
"Number of current cached database-type contacts in the SD."
::= { apSysMgmtMIBGeneralObjects 33 }
15
S-CX6.3.0M2
ACMEPACKET(session-router)# h248-config
ACMEPACKET(h248-config)#
4. Type h248-mg-config and press Enter.
ACMEPACKET(h248-config)# h248-mg-config
ACMEPACKET(h248-mg-config)#
5. Type port-map and press Enter.
ACMEPACKET(h248-mg-config)# port-map
ACMEPACKET(port-map)#
6. media-expiration-actionChange this parameter from none (default) to notify-with-netfail if you want the Oracle
Communications Session Border Controller to track media timer expiration and notify the MGC should an media
expiration occur.
7. Save your work.
16
3
S-CX6.3.0M3
This chapter provides descriptions, explanations, and configuration information for the contents of Net-Net OS
Release Version S-CX6.3.0M3.
Current SPL Engine Version: C2.0.1
Content Map
This section provides a table listing all content in Net-Net OS Release Version S-CX6.3.0M3.
Content Type
Description
Adaptation
Adaptation
Adaptation
Adaptation
Adaptation
Adaptation
Defect
Forward merge
S-CX6.2.0M11
Software
Denied
Trusted
Media
ARP
VLANs
Net-Net
4500
SCX6.3.0M3
32000
8000
64000
2000
16384
3000
250000
114688
17
S-CX6.3.0M3
Hardware
Software
Denied
Trusted
Media
ARP
VLANs
Net-Net
3800
SCX6.3.0M3
8000
2000
32000
1000
16384
3000
125000
49152
S-CX6.3.0M3
media-manager
The following configuration elements and parameters are found under the media-manager path.
Configuration Element or subelement
Parameter
codec-policy
name
dns-config
Client-realm
server-realm
ext-policy-server
name
realm
media-policy
name
realm-config
identifier
parent-realm
dns-realm
media-policy
Media-sec-policy
Class-profile
enforcement-profile
static-flow
in-realm-id
out-realm-id
steering-pool
realm-id
vbg-config
realm-id
security
The following configuration elements and parameters are found under the security path.
Configuration Element or subelement
Parameter
certificate-recorder
name
ike> data-flow
name
realm-id
ike> dpd-params
name
ike> ike-interface
Dpd-params-name
ike> ike-sainfo
name
ike> local-address-pool
name
dns-realm- id
Data-flow
ike> tunnel-orig-params
name
ims-aka-profile
name
19
S-CX6.3.0M3
Configuration Element or subelement
Parameter
media-media-sec-policy
name
media-mikey-policy
name
media-sdec-policy
name
public-key
name
tls-profile
name
session-router
The following configuration elements and parameters are found under the session-router path.
Configuration Element or subelement
Parameter
access-control
realm-id
call-recording-server
primary-realm
secondary-realm
class-profile
media-policy
class-profile> policy
profile-name
enforcement-profile
name
enum-config
name
realm-id
Service-type
health-query-number
failover-to
h248-config> h248-mgc-config
realm-id
h248-config> h248-mg-config
realm-id
h323> h32h-stack
name
realm-id
assoc-stack
gk-identifier
filename
local-routing-config
name
file-name
media-profile
name
subname
mgcp-config
private-realm
public-realm
net-management-control
20
name
Oracle Communications Session Border Controller
S-CX6.3.0M3
Configuration Element or subelement
Parameter
next-hop
rph-profile
qos-constraints
name
rph-policy
name
rph-profile
name
Media-policy
session- constraints
name
session- router
sr-primary-name
sr-secondary-name
session-agent
realmid
egress-realm-id
response-map
local-response-map
enforcement-profile
sip-profile
sip-isup-profile
session-group
group-name
sip-config
Home-realm-id
egress-realm-id
enforcement-profile
sip-interface
realm-id
operator-identifier
ext-policy-server
constraint-name
response-map
local-response-map
enforcement-profile
sip-profile
sip-isup-profile
tunnel-name
sip-manipulations
name
sip-nat
Realm-id
sip-profile
name
sip-response-map
name
21
S-CX6.3.0M3
Configuration Element or subelement
Parameter
sup-isup-profile
name
surrogate-agent
realm-id
system
The following configuration elements and parameters are found under the system path.
Configuration Element or subelement
Parameter
network-interface
name
phy-interface
name
reduncancy> peer
name
snmp-user-entry
user-name
S-CX6.3.0M3
0
1
be:02:ac:1e:00:20
: 0
0
0
300::/64
02-NETWORK 0
0
1
00:00:00:00:00:00
----------------------------------------------------------------------------------------0
23
S-CX6.3.0M3
24
S-CX6.3.0M3
Border Controller then sends the ReINVITE with inserted SDP to the next hop signaling entity. You do not need the
media profiles setting for ReINVITEs.
To enable SDP insertion for ReINVITEs:
1. In Superuser mode, type configure terminal and press Enter.
ACMEPACKET# configure terminal
ACMEPACKET(configure)#
2. Type session-router and press Enter.
ACMEPACKET(configure)# session-router
ACMEPACKET(session-router)#
3. Type sip-interface and press Enter.
ACMEPACKET(session-router)# sip-interface
ACMEPACKET(sip-config)#
4. add-sdp-inviteChange this parameter from disabled (default), and set it to reinvite.
5. Save and activate your configuration.
add-sdp-invite
add-sdp-inviteEnable or disable this SIP interface inserting an SDP into either an INVITE or a REINVITE, or both.
Default disabled
Values: disabledDo not insert an SDP
inviteInsert an SDP in the invite
reinviteInsert an SDP in the reinvite
bothInsert SDP in both SDP-less invites and reinvites
Establish an authenticated, persistent, reliable TCP connection between itself and one or more Palladion
Mediation Engines.
Optionally ensure message privacy by encrypting the TCP connection using TLS.
Use the TCP connection to send a UTC-timestamped, unencrypted copy of a protocol message to the Palladion
Engine(s).
Accompany the copied message with related data to include: the port/vlan on which the message was sent/
received, local and remote IP:port information, and the transport layer protocol.
The following illustration shows how the Palladion Communications Monitor Probe handles incoming and outgoing
monitored data on the Net-Net ESD.
25
S-CX6.3.0M3
IPFIX
The Net-Net Session Director uses the IPFIX suite of standards to export protocol message traffic and related data to
the Palladion Mediation Engine.
RFC 5101, Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow
Information
RFC 5102, Information Model for IP Flow Information Export
RFC 5470, Architecture for IP Flow Information Export
RFC 5655, Specification of the IP Flow Information Export (IPFIX) File Format
RFC 5815, Definitions of Managed Objects for IP Flow Information Export
The IPFIX standards describe the use of templates to format the export of specific types of protocol traffic. The NetNet Session Director and the Palladion Mediation Engine share ten (10) pre-defined templates that facilitate protocol
message exchange, and subsequent processing and analysis by the Palladion Engine.
The pre-defined templates are:
Communication Monitor
Use the following procedure to configure communication monitoring:
26
S-CX6.3.0M3
1. From superuser mode, use the following ACLI sequence to access comm-monitor configuration mode. From
comm-monitor mode, you establish a connection between the Oracle Communications Session Border Controller,
acting as an exporter of protocol message traffic and related data, and a Palladion Mediation Engine, acting as an
information collector.
ACMEPACKET# configure terminal
ACMEPACKET(configure)# system
ACMEPACKET(system)# system-config
ACMEPACKET(system-config)# comm-monitor
ACMEPACKET(comm-monitor)#
2. Use the state parameter to enable or disable communication monitoring.
Communication monitoring is disabled by default.
ACMEPACKET(comm-monitor)# state enabled
ACMEPACKET(comm-monitor)#
3. Use the sbc-group-id parameter to assign an integer value to the Oracle Communications Session Border
Controller, in its role as an information exporter.
Retain the default value (0) or assign another integer value.
ACMEPACKET(comm-monitor)# sbc-group-id 5
ACMEPACKET(comm-monitor)#
4. Use the network-interface parameter to specify the network interface whose traffic will be exported to the
Palladion Mediation Engine.
To specify a media interface (the usual case):
ACMEPACKET(comm-monitor)# network-interface m01
ACMEPACKET(comm-monitor)#
To specify the wancom0 management interface (supported, but not generally used):
ACMEPACKET(comm-monitor)# network-interface wancom0:0
ACMEPACKET(comm-monitor)#
5. If the network interface specified in Step 4 is a media interface, you can optionally use TLS to encrypt the
exported traffic and related data.
To enable TLS encryption, use the tls-profile parameter to identify a TLS profile to be assigned to the network
interface. The absence of an assigned TLS profile (the default state) results in unencrypted transmission.
Refer to TLS Profile Configuration for configuration details.
ACMEPACKET(comm-monitor)# tls-profile commMonitor
ACMEPACKET(comm-monitor)#
6. Use the qos-enable parameter to enable or disable to export of RTP, SRTP, and QOS data flow information.
ACMEPACKET(comm-monitor)# qos-enable enabled
ACMEPACKET(comm-monitor)#
7. Use the monitor-collector parameter to move to monitor-collector configuration mode.
While in this mode you identify a Palladion Mediation Engine (a receiver of exported data) by IP address and port
number.
ACMEPACKET(comm-monitor)# monitor-collector
ACMEPACKET(monitor-collector)#
8. Use the address and port parameters to specify the IP address and port number monitored by a Palladion
Mediation Engine for incoming IPFIX traffic.
Enter an IPv4 address and a port number with the range 1025 through 65535, with a default value of 4739.
ACMEPACKET(monitor-collector)# address 172.30.101.239
ACMEPACKET(monitor-collector)# port 4729
ACMEPACKET(monitor-collector)#
9. Use done and exit to return to comm-monitor configuration mode.
Oracle Communications Session Border Controller
27
S-CX6.3.0M3
10. Use done, exit, and verify-config to complete configuration.
11. Repeat Steps 1 through 10 to configure additional as required.
28
S-CX6.3.0M3
ACMEPACKET(tls-profile)# name commMonitor
ACMEPACKET(tls-profile)#
3. Use the required end-entity-certificate parameter to specify the name of the certificate-record configuration that
identifies the credential (specifically, an X509.v3 certificate) offered by the Net-Net Session Director in support of
its asserted identity.
ACMEPACKET(tls-profile)# end-entity-certificate commMonitor509
ACMEPACKET(tls-profile)#
4. Use the required trusted-ca-certificatesparameter to compile a list or one or more certificate-record configuration
elements referencing trusted Certification Authority (CA) certificates used to authenticate the offered certificate.
These referenced certificates are conveyed to the Palladion Mediation Engine as part of the TLS exchange.
Provide a comma separated list of existing CA certificate-record configuration elements.
ACMEPACKET(tls-profile)# trusted-ca-certificates verisignClass3a,verisignClass3-b,baltimore,thawtePremium,acme-CA
ACMEPACKET(tls-profile)#
5. Retain the default value, all, for the cipher-list parameter.
6. Use the verify-depthparameter to specify the maximum number of chained certificates that will be processed
while authenticating end-entity certificate received from the Palladion Mediation Engine.
Provide an integer within the range 1 through 10 (the default).
The Oracle Communications Session Border Controller supports the processing of certificate chains (consisting of
an end-entity certificate and some number of CA certificates) when X.509v3 certificate-based authentication is
used. The following process validates a received TLS certificate chain.
a) Check the validity dates (Not Before and Not After fields) of the end certificate. If either date is invalid,
authentication fails; otherwise, continue chain validation
b) Check the maximum length of the certificate chain (specified by verify-depth). If the current chain exceeds this
value, authentication fails; otherwise, continue chain validation.
c) Verify that the Issuer field of the current certificate is identical to the Subject field of the next certificate in the
chain. If values are not identical, authentication fails; otherwise, continue chain validation.
d) Check the validity dates (Not Before and Not After fields) of the next certificate. If either date is invalid,
authentication fails; otherwise, continue chain validation.
e) Check the X509v3 Extensions field to verify that the current certificate identifies a CA. If not so,
authentication fails; otherwise, continue chain validation.
f) Extract the Public Key from the current CA certificate. Use it to decode the Signature field of the prior
certificate in the chain. The decoded Signature field yields an MD5 hash value for the contents of that
certificate (minus the Signature field).
g) Compute the same MD5 hash. If the results are not identical, authentication fails; otherwise, continue chain
validation.
h) If the hashes are identical, determine if the CA identified by the current certificate is a trust anchor by referring
to the trusted-ca-certificates attribute of the associated TLS-profile configuration object. If the CA is trusted,
authentication succeeds. If not, return to Step 2.
ACMEPACKET(tls-profile)# verify-depth 8
ACMEPACKET(tls-profile)#
7. Use the mutual-authenticate parameter to enable or disable (the default) mutual authentication.
Protocol requirements mandate that the server present its certificate to the client application. Optionally, the server
can implement mutual authentication by requesting a certificate from the client application, and authenticating the
certificate offered by the client.
Upon receiving a server certificate request, the client application must respond with a certificate; failure to do so
results in authentication failure.
ACMEPACKET(tls-profile)# mutual-authenticate disabled
ACMEPACKET(tls-profile)#
8. Retain the default value, compatibility, for the tls-version parameter.
Oracle Communications Session Border Controller
29
S-CX6.3.0M3
9. Retain default values for all other parameters.
10. Use done, exit, and verify-config to complete tls-profile configuration.
11. Repeat Steps 1 through 10 to configure additional tls-profiles as required.
Baseline Configuration
To complete automated DST configuration, you must give a name to the time zone that this system adheres to and the
minutes from UTC (offset) from UTC, entered as +/-720.
=
=
EST
300
= 3
= 1
= sunday
= 2
Oracle Communications Session Border Controller
S-CX6.3.0M3
dst-start-rule
dst-end-month
dst-end-day
dst-end-weekday
dst-end-hour
dst-end-rule
second
11
1
= sunday
= 2
= first
=
=
=
=
GMT
0
= 3
= 1
= sunday
= 1
= last
= 10
= 1
= sunday
= 2
= last
Note the dst-end-hour is 2 because this is the local time and 2am BST is 1am UTC.
timezone Configuration
To configure the timezone-config:
1. In Superuser mode, type configure terminal and press Enter.
ACMEPACKET# configure terminal
ACMEPACKET(configure)#
2. Type system and press Enter.
ACMEPACKET(configure)# system
ACMEPACKET(system)#
3. Type timezone-config and press Enter. The system prompt changes to let you know that you can begin
configuring individual parameters.
ACMEPACKET(system)# timezone-config
ACMEPACKET(timezone-config)#
4. nameEnter the time zone name where this Net-Net SBC resides.
5. minutes-from-utcEnter the offset from UTC in minutes. Valid values are +/-720 (a plus is not required when
entering a positive offset.
6. dst-start-ruleEnter static when configuring a static DST start date or the ordinal position of the configured dststart-weekday parameter when configuring a rules-based DST offset. Valid values are:
disabled | static | first | second | third | fourth | last
Oracle Communications Session Border Controller
31
S-CX6.3.0M3
7. dst-start-monthEnter the month number that DST starts
8. dst-start-dayEnter the day number of the month when DST starts. This parameter is only configured in static
DST rules.
9. dst-start-weekdayEnter the day name when DST starts. This parameter is only configured in non-static DST
rules.
10. dst-start-hourEnter the hour when DST starts.
11. dst-end-ruleEnter static when configuring a static DST end date or the ordinal position of the configured dstend-weekday parameter when configuring a rules-based DST offset. Valid values are:
disabled | static | first | second | third | fourth | last
12. dst-end-monthEnter the month number when DST ends.
13. dst-end-dayEnter the day number of the month when DST ends. This parameter is only configured in static DST
rules.
14. dst-end-weekdayEnter the day name when DST ends. This parameter is only configured in non-static DST
rules.
15. dst-end-hourEnter the hour when DST ends.
16. Type done to save your configuration.
Maintenance
show time zone
The show timezone command displays the DST settings. If rules-based DST configuration is used, the Oracle
Communications Session Border Controller converts the rule into the absolute DST start or end time for the current
year. For example:
ACMEPACKET# show timezone
Timezone name: CST
Minutes from UTC(negative if past UTC): -360
Date and hour daylight saving time begins(mmddHH): 031100
Date and hour daylight saving time ends(mmddHH): 110400
timezone-config
The timezone-config element is used to configure the systems timezone, UTC offset, and DST dates or rules.
Syntax
timezone-config <name | minutes-from-utc | dst-start-rule | dst-start-month |
dst-start-day | dst-start-weekday | dst-start-hour | dst-end-rule | dst-endmonth | dst-end-day | dst-end-weekday | dst-end-hour>
Parameters
name Name for this configuration element as the timezone for this system.
minutes-from-utc UTC offset for this timezone in minutes.
32
Default 0
Values: Min: -720 / Max: 720
dst-start-rule How the DST rule is implemented. If set to static, dst-start-month, dst-start-day, and dst-starthour are used; the dst-start-weekday parameter is ignored. If set to an ordinal number, the dst-start-weekday is
used and the dst-start-day parameter is ignored.
Default disabled
Oracle Communications Session Border Controller
S-CX6.3.0M3
dst-start-month Month when DST goes into affect adding one hour to the system clock.
Default 1
Values: Min: 1 / Max: 12
dst-start-day Day of the month when DST goes into affect adding one hour to the system clock. Only used
when dst-start-rule is set to static.
Default 1
Values: Min: 1 / Max: 31
dst-start-weekday Named day of the week when DST goes into affect adding one hour to the system clock.
Only used in conjunction with the dst-start-rule parameter set to an ordinal number identifying the precise
calendar day.
Default sunday
Values: sunday | monday | tuesday | wednesday | thursday | friday | saturday
dst-start-hour Hour on the day when DST goes into affect adding one hour to the system clock.
Default 0
Values: Min: 0 / Max: 23
dst-end-rule How the DST rule is implemented. If set to static, dst-end-month, dst-end-day, and dst-end-hour
are used; the dst-end-weekday parameter is ignored. If set to an ordinal number, the dst-end-weekday is used and
the dst-end-day parameter is ignored.
Default disabled
Values: first | second | third | fourth | last | static | disabled
dst-end-month Month when DST ends and subtracts one hour from the system clock.
Default 1
Values: Min: 1 / Max: 12
dst-end-day Named day of the month when DST ends and subtracts one hour from the system clock. Only used
in conjunction with dst-start-rule set to an ordinal number identifying the precise calendar day.
Default sunday
Values: sunday | monday | tuesday | wednesday | thursday | friday | saturday
dst-end-weekday Named day of the week when DST ends and subtracts one hour from the system clock. Only
used in conjunction with the dst-start-rule parameter set to an ordinal number it identify the precise calendar day.
Default sunday
Values: sunday | monday | tuesday | wednesday | thursday | friday | saturday
dst-end-hour Hour on the day when DST ends and subtracts one hour from the system clock.
Default 0
Values: Min: 0 / Max: 23
Path
timezone-config is an element in the system path. The full path from the topmost ACLI prompt is: configure terminal
> system > timezone-config.
Release
First appearance: S-CX6.3.0M3
RTC Status
Notes
This is a single instance configuration element.
Oracle Communications Session Border Controller
33
4
S-CX6.3.0M4
This chapter provides descriptions, explanations, and configuration information for the contents of Net-Net OS
Release Version S-CX6.3.0M4.
Current SPL Engine Version: C2.0.1
Current patch baseline: S-CX6.3.0M3p3
Content Map
This section provides a table listing all content in Net-Net OS Release Version S-CX6.3.0M4.
Content Type
Description
Defect
Library Update
Prerequisites
To ensure individual flows are installed for RTP and RTCP, add the hnt-rtcp =enabled option in the media-managerconfig. This ensures that nat-flows are installed as un-collapsed.
35
S-CX6.3.0M4
2. Type select to begin configuring this object.
ACMEPACKET(bgf-config)# select
3. optionsConfigure the install-inactive-nat-flow option:
ACMEPACKET(bgf-config)# options +install-inactive-nat-flow
ACMEPACKET(bgf-config)#
4. Save and activate your configuration.
36
5
S-CX6.3.0M5
This chapter provides descriptions, explanations, and configuration information for the contents of Net-Net OS
Release Version S-CX6.3.0.
Current SPL Engine Version: C2.0.2
Current patch baseline: S-CX6.3.0M4p2
Content Map
This section provides a table listing all content in Net-Net OS Release Version S-CX6.3.0M5.
Content Type
Description
Library Update
37